diff --git a/admin-cli.yml b/admin-cli.yml
index e777dd3..6081e99 100755
--- a/admin-cli.yml
+++ b/admin-cli.yml
@@ -8,6 +8,9 @@
 - include_role:
 name: debian
 when: ansible_distribution == 'Debian'
+ - include_role:
+ name: fedora
+ when: ansible_distribution == 'Fedora'
 - include_role:
 name: freebsd
 when: ansible_distribution == 'FreeBSD'
diff --git a/admin-gui.yml b/admin-gui.yml
index 17a76db..feb214c 100755
--- a/admin-gui.yml
+++ b/admin-gui.yml
@@ -8,6 +8,9 @@
 - include_role:
 name: debian
 when: ansible_distribution == 'Debian'
+ - include_role:
+ name: fedora
+ when: ansible_distribution == 'Fedora'
 - include_role:
 name: freebsd
 when: ansible_distribution == 'FreeBSD'
diff --git a/roles/fedora/files/70-solokeys-access.rules b/roles/fedora/files/70-solokeys-access.rules
new file mode 100644
index 0000000..0243401
--- /dev/null
+++ b/roles/fedora/files/70-solokeys-access.rules
@@ -0,0 +1,19 @@
+# Notify ModemManager this device should be ignored
+ACTION!="add|change|move", GOTO="mm_usb_device_blacklist_end"
+SUBSYSTEM!="usb", GOTO="mm_usb_device_blacklist_end"
+ENV{DEVTYPE}!="usb_device", GOTO="mm_usb_device_blacklist_end"
+
+ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", ENV{ID_MM_DEVICE_IGNORE}="1"
+
+LABEL="mm_usb_device_blacklist_end"
+
+
+# Solo bootloader + firmware access
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
+SUBSYSTEM=="tty", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="a2ca", TAG+="uaccess"
+
+# ST DFU access
+SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", TAG+="uaccess"
+
+# U2F Zero
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess"
diff --git a/roles/fedora/tasks/main.yml b/roles/fedora/tasks/main.yml
new file mode 100644
index 0000000..7a4d7a9
--- /dev/null
+++ b/roles/fedora/tasks/main.yml
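Review bot: In roles/fedora/files/70-solokeys-access.rules, the `# ST DFU access` rule matches 0483:df11, which is the generic STMicroelectronics DFU bootloader ID rather than a Solo-specific one. With `TAG+="uaccess"` on `SUBSYSTEM=="usb"`, the active-seat user therefore gets raw USB access to any STM32 part that enumerates in DFU mode. If that breadth is intended, say so in the comment, e.g. `# ST DFU access (generic STM32 DFU ID, not Solo-specific)`; otherwise consider leaving the rule out on machines that never flash firmware. The file also looks like a copy of upstream rules, so a header comment naming the upstream source and revision would make later updates auditable.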
@@ -0,0 +1,7 @@
+---
+- include: packages-cli.yml
+- include: packages-gui.yml
+ when: gui == true
+- include: modules.yml
+- include: ssh.yml
+- include: solokeys.yml
diff --git a/roles/fedora/tasks/modules.yml b/roles/fedora/tasks/modules.yml
new file mode 100644
index 0000000..c3e93e4
--- /dev/null
+++ b/roles/fedora/tasks/modules.yml
@@ -0,0 +1,13 @@
+---
+- name: Blacklist pcspkr module
+ become: true
+ lineinfile:
+ path: /etc/modprobe.d/blacklist.conf
+ line: blacklist pcspkr
+ create: yes
+- name: Blacklist dvb_usb_rtl28xxu module
+ become: true
+ lineinfile:
+ path: /etc/modprobe.d/blacklist.conf
+ line: blacklist dvb_usb_rtl28xxu
+ create: yes
diff --git a/roles/fedora/tasks/packages-cli.yml b/roles/fedora/tasks/packages-cli.yml
new file mode 100644
index 0000000..740bbfc
--- /dev/null
+++ b/roles/fedora/tasks/packages-cli.yml
@@ -0,0 +1,36 @@
+---
+- name: Install CLI packages
+ become: true
+ dnf:
+ name: '{{ packages }}'
+ state: present
+ vars:
+ packages:
+ - "@c-development"
+ - ansible
+ - asciidoctor
+ - bc
+ - bind-utils
+ - clang
+ - git
+ - gnupg
+ - lldb
+ - mc
+ - nmap
+ - openssh-server
+ - python3
+ - python3-psutil
+ - rubygem-asciidoctor-pdf
+ - sqlite
+ - sudo
+ - tlp
+ - tmux
+ - vim
+ - wordgrinder
+ - zsh
+- name: Enable TLP
+ become: true
+ systemd:
+ name: tlp.service
+ enabled: true
+ state: started
diff --git a/roles/fedora/tasks/packages-gui.yml b/roles/fedora/tasks/packages-gui.yml
new file mode 100644
index 0000000..cf7ebaf
--- /dev/null
+++ b/roles/fedora/tasks/packages-gui.yml
@@ -0,0 +1,21 @@
+---
+- name: Install GUI packages
+ become: true
+ dnf:
+ name: '{{ packages }}'
+ state: present
+ vars:
+ packages:
+ - emacs
+ - evolution
+ - evolution-ews
+ - galculator
+ - git-gui
+ - kleopatra
+ - nextcloud-client
+ - nextcloud-client-dolphin
+ - redshift-gtk
+ - remmina
+ - rxvt-unicode
+ - vim-X11
+ - xterm
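Review bot: In roles/fedora/tasks/main.yml, `when: gui == true` only matches a real boolean. If `gui` is ever supplied as a string (for example through an extra-vars `gui=true`), the comparison is false and the GUI packages are skipped without any error, and an undefined `gui` fails the play. `when: gui | default(false) | bool` covers both cases. Bare `include:` is deprecated in Ansible in favour of `import_tasks:` / `include_tasks:`, so a new role is a good place to use those instead.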
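Review bot: In roles/fedora/tasks/modules.yml both `lineinfile` tasks use `create: yes` without `owner`, `group` or `mode`, so a newly created /etc/modprobe.d/blacklist.conf gets whatever the umask yields; add `owner: root`, `group: root` and `mode: '0644'` to both tasks. A `blacklist` line only stops alias-based autoloading, so the module can still be loaded explicitly or as a dependency. If the intent is to keep `dvb_usb_rtl28xxu` out of the kernel entirely, `install dvb_usb_rtl28xxu /bin/false` is the stricter form. `create: true` would also match the `become: true` spelling used in the same tasks.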
diff --git a/roles/fedora/tasks/solokeys.yml b/roles/fedora/tasks/solokeys.yml
new file mode 100644
index 0000000..fbe5b52
--- /dev/null
+++ b/roles/fedora/tasks/solokeys.yml
@@ -0,0 +1,15 @@
+---
+- name: install solokeys udev rule
+ become: true
+ copy:
+ src: 70-solokeys-access.rules
+ dest: /etc/udev/rules.d/70-solokeys-access.rules
+ register: solokeys_copy
+- name: reload udevadm rules
+ become: true
+ command: udevadm control --reload-rules
+ when: solokeys_copy.changed
+- name: trigger udevadm
+ become: true
+ command: udevadm trigger
+ when: solokeys_copy.changed
diff --git a/roles/fedora/tasks/ssh.yml b/roles/fedora/tasks/ssh.yml
new file mode 100644
index 0000000..46919f1
--- /dev/null
+++ b/roles/fedora/tasks/ssh.yml
@@ -0,0 +1,20 @@
+---
+- name: Disable SSH passwords
+ become: true
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?\w*PasswordAuthentication (yes|no)'
+ line: 'PasswordAuthentication no'
+ register: changed_ssh_config
+- name: Enable SSH
+ become: true
+ systemd:
+ name: sshd.service
+ enabled: yes
+ state: started
+- name: Restart SSH
+ become: true
+ systemd:
+ name: sshd.service
+ state: restarted
+ when: changed_ssh_config.changed == true
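Review bot: In roles/fedora/tasks/solokeys.yml the `copy` task sets no `owner`, `group` or `mode` on /etc/udev/rules.d/70-solokeys-access.rules. udev evaluates this file as root, so pin it with `owner: root`, `group: root`, `mode: '0644'` rather than relying on the umask. The two `command` tasks guarded by `solokeys_copy.changed` would read more naturally as handlers notified by the copy. `udevadm trigger` with no filter replays events for every device, so consider restricting it with `--subsystem-match=` for the subsystems the rules cover.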
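Review bot: In roles/fedora/tasks/ssh.yml the pattern `'^#?\w*PasswordAuthentication (yes|no)'` uses `\w*` where `\s*` looks intended, so a line such as `# PasswordAuthentication yes` or an indented directive is not matched. `lineinfile` then appends the setting at the end of the file, where it can land inside a trailing `Match` block or lose to an earlier occurrence, since sshd keeps the first value it reads. Suggested: `regexp: '^#?\s*PasswordAuthentication\s+(yes|no)'` plus `validate: '/usr/sbin/sshd -t -f %s'`, so a config that fails to parse is never written. For the same first-value reason, any file pulled in by an `Include` line above this setting could still turn password logins back on, so confirming the effective value with `sshd -T` after the run is worthwhile. `when: changed_ssh_config.changed` and `enabled: true` are the idiomatic spellings.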